Sunday, June 15, 2008

A Primer on Nuclear Safety: 1.3.2 Heat, Water and Steam

1.3.2 Heat, Water and Steam: The Navy's reactor and safety

Hyman Rickover was something of a monster. Contrary to Richard Nixon, Rickover was not at all able to admit mistakes. Rickover was ruthless and driven. He was a perfectionist, and deep inside he was frightened. He was in fact by personality, the perfect cold warrior. And as the cold war began to die of attrition, Rickover's power began to decline, but that is another story.

On October 13, 1960, , , , [the] submarine K-8 was on exercise in the Barents Sea when a leak developed in the steam generators and in a pipe leading to the compensator reception. The equipment for blocking these leaks was also damaged such that the crew itself began the work of stopping the leak. They mounted a provisional system for supplying water to the reactor to ensure cooling of the reactor and we are told that the risk of a core melt in the reactor was averted. But then we are also told about radiation whuch could have only come from core component failure, Large amounts of radioactive gases leaked out which contaminated the entire vessel.

Well we have a secondary coolant leak, a defective repair kit, with no other means of means of repair, but a secondary system which sounds Jury rigged, was set up. no coolant system redundancy. We are told that there was no core meltdown, but we are also told of a release of radioactive materials, which could have only occurred if overheated fuel elements had ruptured, and had released radioactive gasses and minerals into the leaky coolant system.

"On May 24, 1968, the nuclear submarine K-27 (Project 645) was out at sea. During sea trials, the nuclear reactor had operated at reduced power, and on May 24, power inexplicably suddenly dropped. Attempts by the crew to restore power levels failed. Simultaneously, gamma radiation in the reactor compartment increased to 150 R/h. Radioactive gases were released to the reactor compartment from the safety buffer tank, and radiation on board the submarine increased. The reactor was shut down, and approximately 20% of the fuel assemblies were damaged. The incident was caused by problems in the cooling of the reactor core.[585] The entire submarine was scuttled in the Kara Sea in 1981."

For this accident to have happened, there would have had to have been a significant failure by the reactor manufacturer. The reactor was built with one or more major defects that prevented normal cooling of part of the reactor. The consequence was a partial reactor meltdown.

Finally we have my all time favorite soviet reactor accident story:

On September 30, 1980, the submarine K-222 was at the factory in Severodvinsk due for a thorough reactor check. During the course of work, the submarine's crew left for lunch leaving the factory personnel on board the vessel. As a result of a breach in the pertinent procedural instructions, power was sent through the safety rod mechanisms without the controls also being engaged. Following a failure in the automatic equipment, there was an uncontrolled raising of the control rods with a subsequent uncontrolled start up of the reactor. As a result of this, the reactor core was damaged.

These three stories illustrate that Soviet safety problems were systematic rather than incidental. Naval crews and ship servicing workmen were not fully trained. Systems crucial for safety appear to have full redundancy. Defective equipment was manufactured and installed, without the problems being spotted by quality control. Controls were not fool proof. Ship board procedures left ships unmanned, while undertrained trained ship servicing personnel roamed the ship, preforming unauthorized repairs. In the Soviet Nuclear submarine safety system we have a system which perfectly reflects the defects of the social order in which it was created. In the Soviet system everyone was answerable for failure, but no one had the power to prevent it.

Rickover was answerable for failure, but he did have the power to bring about success. Rickover quite obviously had though a lot about nuclear safety. And within the reach of the Nuclear Navy Rickover's answers were successful. Rickover's safety solutions were simple:1. Use highly trained personnel2. Design first rate equipment3. Design equiptment to be easily repaired4. Build in redundancy for every thing important5. Make sure that contractors do not cut corners6. Make surethat all parts fulfill all specifications7. Don't deviate from successful formulas9. Service often, redundancy allows the servicing of an operating reactor by putting a parallel system online.9. Write manuals for everything, perfect them, and see to it that they are followed too the letter.

Rickover's system worked for the Navy. Unlike the Soviets,the United States Navy never had a ship sink, or a radiation casualty, due to a reactor failure. There was a problem with Rickover's system. It was not transferrable to civilian settings

There is a human side to nuclear safety that has to be explored, if safety problems and safety is to be explained. Safety has both individual and social aspects.

Naval nuclear safety is a manifestation of social systems. There were very different safety records in the United States and the Soviet Navies. Human error is to be expected, although certain steps to lower the error rate. In the case of the Soviet Union, central control had to be maintained, even though the individuals charged with responsibility to exercise control did not understand what they were doing. Thus the system of control was itself out of control.

In the United States Navy the manuel was substituted for individual judgement, Manuals were written, as far as possible to cover every situation Naval reactor personnel would face, and direct them what to do. Training Naval reactor operators then involved teaching the manuel and drilling on it, till operators could follow it without mistakes. But the Navy reactor system required that great power be given to one individual - Rickover. Rickover's power was multi-phased. As a military officer he had the power to give orders and expect that they be obeyed. As an administrator he had the ability to make decisions and see that they were carried out. As a politician he had the ability to make himself appear indispensable to his country, and thus untouchable in the political process. Rickover has charisma of office. He had many enemies inside the Navy, but they lacked to clout to fight him because of the titles and history he carried.

Human judgement research has shown that basing judgements based on actuarial data, brings superior results to relying on the judgement of experts. The cause of safety is best served by engineering safety into the reactor, and engineering human judgement out, as far as that is possible. A manuel is a means by which "best practices" are removed from iondiviodual judgement and institutionalized. In the Soviet system, "the experts" did not know what they were doing, and the people who understood, did not have the power to control events. This is a perfect recipe for failure.

There were the seeds of failure in the Rickover system too, Rickover eventually lost control of his ambition, and began to extend his reach beyond what he could comfortably control. Rickover, "the expert" reached the point where he no longer knew what he was doing. The people who understood, the Scientist did not have the power to control events, but they had the power to go over Rickover's head, to Congress and the American people.

1 comment:

Peter Blose
said...

I am researching family history. I am looking for information on my late father-in-law Richard Fardy. It's my understanding that he was the chief engineer for the Shippingport plant and also had a significant role in construction at Savanna River and Oak Ridge in the 1950s. Can you direct me to a resource with reliable information? Thanks, Peter Blose -peter_blose@yahoo.com